In electronic commerce, one of the common use cases is that a user signs an electronic document with her private key by means of an electronic signature. For instance, a user may sign a contract with a service provider or a transaction order at a bank. To be secure, such applications demand that the user can verify the statement she signs over a trusted device.
If such a transaction is done without a trusted device, malicious software such as viruses, Trojan horses etc. may manipulate the information the user sees or the information that is actually signed. Thus, the malicious software or ultimately a malicious party may engage in fraud against the user.
Because of practicability reasons such trusted devices are often very small, for instance, USB keys, Smart Cards, or small tamper proof card readers. Those devices come at best with small user interfaces and small screens.
Such small trusted user devices are often not tangible to show the whole content the user is actually signing. As an example a full contract the user is supposed to sign cannot be displayed on a trusted device that has only a display of a few square-centimeters. An example of such a small trusted device is the display of an EC-Card reader.
It is an object of the invention to provide other solutions for verifying an electronic document.
It is a further object of the invention to provide an improved system, an improved method and an improved computer program embodying solutions for verifying an electronic document.